Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Open, but safe WIFI

  • 1.  Open, but safe WIFI

    Posted Dec 10, 2012 11:39 AM

    Hi all,

     

    We are embarking on a test project to determine if an open network (well, relatively open) is suitable for some locations in our environment.  The goal is to increase WIFI usage, increase BYOD usage, and reduce technical support requirements, while maintaining a safe environment.

     

    We have numerous sites (mixed Apple, AD environment), with each site having their own OpenDirectory or AD.  Because of this, we have had numerous issues trying to develop an easy to use, simple to manage/maintain authentication system because, as our users roam, they end up on sites where their "home" SSID is not available, etc.  I suppose what we really need is a "SUPER" RADIUS system that we could use as a master RADIUS server, that would check all other RADIUS servers...does that exist?

     

    Anyways, all that aside, we have decided to try an OPEN SSID to see what happens.

     

    Has anyone gone down this path, and any suggestions on how to do it the "best" way?  At this point, we have just added an SSID, and dropped the users into a user profile which allows:

     

    dhcp-acl/,icmp-acl/,dns-acl/,http-acl/,https-acl/,OPENPORTS/,OPENSERVERS/,DENY-LOCAL-NETS/

    OPENPORTS and OPENSERVERS are PERMIT ACLs which just allow certain TCP/UDP ports through, and OPENSERVERS is an ACL which just opens up entire IP addresses to the guests, such as a printer.

     

    DENY-LOCAL-NETS blocks access to all our subnet ranges.

     

    Any suggestions, thoughts, etc.?

     

    Thanks for the time.....

     

    Grant
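An added example, not part of the original post or of any Aruba tooling: a small first-match evaluator for the ACL list quoted above, showing why the position of DENY-LOCAL-NETS in the role matters. It assumes the controller applies the role's ACLs in the listed order and stops at the first matching rule; only the ACL names come from the post, and every rule, address and port below is constructed.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Constructed rules: (destination network, protocol, port or None for any, action).
ACLS = {
    "dhcp-acl": [(ANY, "udp", 67, "permit")],
    "icmp-acl": [(ANY, "icmp", None, "permit")],
    "dns-acl": [(ANY, "udp", 53, "permit")],
    "http-acl": [(ANY, "tcp", 80, "permit")],
    "https-acl": [(ANY, "tcp", 443, "permit")],
    "OPENPORTS": [(ANY, "tcp", 8080, "permit")],              # hypothetical port
    "OPENSERVERS": [("10.1.1.50/32", "any", None, "permit")],  # hypothetical printer
    # Hypothetical private ranges standing in for "all our subnet ranges".
    "DENY-LOCAL-NETS": [("10.0.0.0/8", "any", None, "deny"),
                        ("172.16.0.0/12", "any", None, "deny"),
                        ("192.168.0.0/16", "any", None, "deny")],
}

# Order exactly as listed in the post.
POSTED_ORDER = ["dhcp-acl", "icmp-acl", "dns-acl", "http-acl", "https-acl",
                "OPENPORTS", "OPENSERVERS", "DENY-LOCAL-NETS"]

# Specific permits first, then the internal deny, then the broad permits.
# dhcp/dns stay ahead of the deny in case those services live on internal hosts.
REORDERED = ["OPENSERVERS", "dhcp-acl", "dns-acl", "DENY-LOCAL-NETS",
             "icmp-acl", "http-acl", "https-acl", "OPENPORTS"]


def evaluate(role, dst, proto, port=None):
    """Return (action, acl_name) for the first matching rule; implicit deny at the end."""
    addr = ipaddress.ip_address(dst)
    for name in role:
        for net, r_proto, r_port, action in ACLS[name]:
            if (addr in ipaddress.ip_network(net)
                    and r_proto in ("any", proto)
                    and r_port in (None, port)):
                return action, name
    return "deny", "implicit"


if __name__ == "__main__":
    # Constructed probes: internal web server, internal SSH, printer, internet site.
    probes = [("10.20.30.40", "tcp", 443), ("10.20.30.40", "tcp", 22),
              ("10.1.1.50", "tcp", 9100), ("93.184.216.34", "tcp", 443)]
    for dst, proto, port in probes:
        print(dst, proto, port,
              "posted:", evaluate(POSTED_ORDER, dst, proto, port),
              "reordered:", evaluate(REORDERED, dst, proto, port))
```

Under that first-match assumption, the posted order lets guests reach HTTP/HTTPS (and ICMP) on internal hosts because the broad permits match before DENY-LOCAL-NETS is consulted; the reordered role keeps the printer exception while blocking the rest of the internal ranges.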

     



  • 2.  RE: Open, but safe WIFI

    Posted Dec 10, 2012 11:47 AM

    You can terminate RADIUS on the controller; just use the internal database to add users.

     



  • 3.  RE: Open, but safe WIFI

    Posted Dec 10, 2012 11:55 AM

    Sorry, should have added we have roughly 7000 students and 500 staff (across 14 sites), so I don't think the internal database option is viable, no?

     

    Grant

     



  • 4.  RE: Open, but safe WIFI

    EMPLOYEE
    Posted Dec 10, 2012 02:47 PM

    Take a look at the "eduroam" project. It's basically what you're asking for in a much larger scale.

     

    Regards